Presentations to Reporting Entities

Risk-based Approach

April 2008

Table of Contents

View all slides


Slide 1: Presentation Overview

  • Introduction
  • What is a risk-based approach?
  • Legislative and Regulatory Requirements
  • Risk-based approach - in detail
  • Higher risk situations
  • Examples of poor risk assessments
  • Additional considerations

Slide 2: Introduction


  • The PCMLTFA was amended in December 2006, authorizing the creation of new requirements through the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations.
  • A compliance program initially required four elements. As of June 23, 2008, it also has to include a risk assessment on money laundering and terrorist financing.

Slide 3: What is a Risk-based Approach?


A process that allows reporting entities to:
  • Identify and measure potentially higher risks for money laundering and terrorist financing.
  • Develop strategies to mitigate those risks.
  • Focus resources in areas that are deemed to be higher risk.

Slide 4: Legislative and Regulatory Requirements


  • The compliance program must now include a documented risk assessment.
  • The risk assessment for money laundering and terrorist financing must take into account the following factors:
    • client and business relationships;
    • products and services, and delivery channels;
    • geographic location where activities are conducted; and
    • any other relevant factors.

Slide 5: Legislative and Regulatory Requirements (cont'd)


  • The review of the compliance policies and procedures, including the risk assessment, risk mitigation and ongoing monitoring, must be done every two years.
  • The findings of the review, updates made to the policies and procedures relative to the review, and the status of their implementation must be reported in writing to a senior officer.

Slide 6: Legislative and Regulatory Requirements (cont'd)


  • For all activities that have been identified as high risk for money laundering and terrorist financing, the reporting entity must develop and apply policies and procedures to:
    1. mitigate the identified risks of a money laundering or terrorist financing offence;
    2. take reasonable measures to keep client identification information and beneficial owner information up to date; and
    3. take reasonable measures to conduct ongoing monitoring to detect suspicious transactions.

Slide 7: Risk-based Approach


The process encompasses:
  • Risk assessment of business activities and clients;
  • Controls to mitigate risks identified;
  • Ongoing monitoring of accounts and financial transactions that pose higher risks;
  • Keeping client information, and if applicable beneficial ownership, up to date.

Slide 8: Risk Assessment


A risk assessment is an analysis of potential threats and vulnerabilities to ML and TF to which a reporting entity is exposed.

Complexity of the risk assessment will depend on the nature, size, complexity and risk factors of the reporting entity.

Factors to consider:
  • Client and business relationships
  • Products and services and deliver channels through which the RE offers them
  • Geographic locations of the reporting entity's activities
  • Other factors relevant to the reporting entity's business or sector

Slide 9


There is clearly no single risk rating methodology for all reporting entities


Slide 10: Risk Assessment as a Two-stage Process


Stage 1: A risk assessment of your:
  • products and services;
  • delivery channels;
  • geographic locations; and
  • other relevant factors.
See Appendix 1 checklist in Guideline 4